- In man page note that tls-cert-bundle is read before permission

author W.C.A. Wijngaards <wouter@nlnetlabs.nl>

Tue, 27 Oct 2020 08:00:26 +0000 (09:00 +0100)

committer W.C.A. Wijngaards <wouter@nlnetlabs.nl>

Tue, 27 Oct 2020 08:00:26 +0000 (09:00 +0100)
author W.C.A. Wijngaards <wouter@nlnetlabs.nl>
Tue, 27 Oct 2020 08:00:26 +0000 (09:00 +0100)
committer W.C.A. Wijngaards <wouter@nlnetlabs.nl>
Tue, 27 Oct 2020 08:00:26 +0000 (09:00 +0100)
diff --git a/doc/Changelog b/doc/Changelog

index 1201081d2d878d4f4a6c7d7b481471813fc9bd84..181aaad05f5f40697db760b042a99f85ab83d507 100644 (file)
--- a/doc/Changelog
+++ b/doc/Changelog
@@ -1,3 +1,7 @@
+27 October 2020: Wouter
+       - In man page note that tls-cert-bundle is read before permission
+         drop and chroot.
+
  22 October 2020: Wouter
         - Fix #333: Unbound Segmentation Fault w/ log_info Functions From
           Python Mod.
diff --git a/doc/unbound.conf.5.in b/doc/unbound.conf.5.in

index 0b73480aa6822e0ef472ec5c2fb30eb06cc0d0a2..84805f90f88ba209e0f3f792c376a390c098df87 100644 (file)
--- a/doc/unbound.conf.5.in
+++ b/doc/unbound.conf.5.in
@@ -522,7 +522,8 @@ Alternate syntax for \fBtls\-port\fR.
  If null or "", no file is used.  Set it to the certificate bundle file,
  for example "/etc/pki/tls/certs/ca\-bundle.crt".  These certificates are used
  for authenticating connections made to outside peers.  For example auth\-zone
-urls, and also DNS over TLS connections.
+urls, and also DNS over TLS connections.  It is read at start up before
+permission drop and chroot.
  .TP
  .B ssl\-cert\-bundle: \fI<file>
  Alternate syntax for \fBtls\-cert\-bundle\fR.
author	W.C.A. Wijngaards <wouter@nlnetlabs.nl>
	Tue, 27 Oct 2020 08:00:26 +0000 (09:00 +0100)
committer	W.C.A. Wijngaards <wouter@nlnetlabs.nl>
	Tue, 27 Oct 2020 08:00:26 +0000 (09:00 +0100)
doc/Changelog		patch \| blob \| blame \| history
doc/unbound.conf.5.in		patch \| blob \| blame \| history